As the world scrambles to respond to the outbreak, more and more workers around the globe are working remotely in an effort to contain and mitigate the pandemic. This has opened new avenues for hackers, as in many cases the companies may not have the infrastructure or policies in place to support secure remote working, and the workers may not have experience with this type of work. Users failing to use VPNs, logging into work systems via personal computers, or using home Wi-Fi networks that aren’t properly secured are just a few of the risks.
The kinds of phishing and spear phishing attacks that have become more common are preying upon these vulnerabilities. Workers using insecure connections are at greater risk themselves, but also open their company networks up to greater risk. An unpatched remote workstation or an unsecured connection can be a very tempting target for a hacker.
Refresh your employees on basic security hygiene early and often. Require your employees to set up WPA2 security on their home routers. Give your employees brief training on basic cybersecurity dangers.
Making sure you have strong policies in place can go a long way toward securing your remote footprint. Strong password policies will make brute-force hacking harder, for example. Putting policies in place to prevent workers logging into company systems unless they’re connected through a VPN will eliminate the danger of workers logging in from insecure personal machines.
And some basic IT best practices will be invaluable during this time as well. Be sure that your IT team is updating and patching the remote workstations of your employees as frequently as needed, to ensure as few known vulnerabilities remain out in your network as possible. Back up critical systems and data often, and make sure those backups are stored externally.
As with all threat activity and risk management, walking together as one is better than walking alone.
Engage! Leverage your RH-ISAC membership to engage with your peers in the listservs, on Slack, in the Weekly Intelligence Calls, and in any working groups you may be a part of, where we maintain a proud tradition of trusted and active peer-to-peer information sharing.
Reach out! Not an RH-ISAC member? Reach out to us or visit www.rhisac.org for information on how to join, or reach out to similar security organizations of relevance to you to ask for information, solicit peer collaboration, and engage in the strength of collective activity. Don’t walk alone!